
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="zh_Hans">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Archive of security issues &#8212; Django 3.2.11.dev documentation</title>
    <link rel="stylesheet" href="../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../_static/jquery.js"></script>
    <script type="text/javascript" src="../_static/underscore.js"></script>
    <script type="text/javascript" src="../_static/doctools.js"></script>
    <script type="text/javascript" src="../_static/language_data.js"></script>
    <link rel="index" title="Index" href="../genindex.html" />
    <link rel="search" title="Search" href="../search.html" />
    <link rel="next" title="Django internals" href="../internals/index.html" />
    <link rel="prev" title="Django 0.95 release notes" href="0.95.html" />



 
<script src="../templatebuiltins.js"></script>
<script>
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);</script>

  </head><body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../index.html">Django 3.2.11.dev documentation</a></h1>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="releases-security">
            
  <div class="section" id="s-archive-of-security-issues">
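<span id="archive-of-security-issues"></span><h1>Archive of security issues<a class="headerlink" href="#archive-of-security-issues" title="Permalink to this headline">¶</a></h1>
<p>Django's development team is strongly committed to responsible reporting and disclosure of security-related issues, as outlined in <a class="reference internal" href="../internals/security.html"><span class="doc">Django's security policies</span></a>.</p>
<p>As part of that commitment, we maintain the following historical list of issues which have been fixed and disclosed. For each issue, the list below includes the date, a brief description, the <a class="reference external" href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures">CVE identifier</a> if applicable, a list of affected versions, a link to the full disclosure and links to the appropriate patch(es).</p>
<p>Some important caveats apply to this information:</p>
<ul class="simple">
<li>Lists of affected versions include only those versions of Django which had stable, security-supported releases at the time of disclosure. This means older versions (whose security support had expired) and versions which were in pre-release (alpha/beta/RC) status at the time of disclosure may have been affected, but are not listed.</li>
<li>The Django project has on occasion issued security advisories, pointing out potential security problems which can arise from improper configuration or from other issues outside of Django itself. Some of these advisories have received CVEs; when that is the case, they are listed here, but as they have no accompanying patches or releases, only the description, disclosure and CVE will be listed.</li>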
</ul>
<div class="section" id="s-issues-under-django-s-security-process">
<span id="issues-under-django-s-security-process"></span><h2>Issues under Django's security process<a class="headerlink" href="#issues-under-django-s-security-process" title="Permalink to this headline">¶</a></h2>
<p>All security issues have been handled under versions of Django's security process. These are listed below.</p>
<div class="section" id="s-december-7-2021-cve-2021-44420">
<span id="december-7-2021-cve-2021-44420"></span><h3>December 7, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-44420">CVE-2021-44420</a><a class="headerlink" href="#december-7-2021-cve-2021-44420" title="Permalink to this headline">¶</a></h3>
<p>Potential bypass of an upstream access control based on URL paths. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/dec/07/security-releases/">Full
description</a></p>
<div class="section" id="s-versions-affected">
<span id="versions-affected"></span><h4>Versions affected<a class="headerlink" href="#versions-affected" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.2 <a class="reference external" href="https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a">(patch)</a></li>
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/22bd17488159601bf0741b70ae7932bffea8eced">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-1-2021-cve-2021-35042">
<span id="july-1-2021-cve-2021-35042"></span><h3>July 1, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-35042">CVE-2021-35042</a><a class="headerlink" href="#july-1-2021-cve-2021-35042" title="Permalink to this headline">¶</a></h3>
<p>Potential SQL injection via unsanitized <code class="docutils literal notranslate"><span class="pre">QuerySet.order_by()</span></code> input. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/jul/01/security-releases/">Full description</a></p>
<div class="section" id="s-id1">
<span id="id1"></span><h4>Versions affected<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.2 <a class="reference external" href="https://github.com/django/django/commit/a34a5f724c5d5adb2109374ba3989ebb7b11f81f">(patch)</a></li>
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/0bd57a879a0d54920bb9038a732645fb917040e9">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-june-2-2021-cve-2021-33203">
<span id="june-2-2021-cve-2021-33203"></span><h3>June 2, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-33203">CVE-2021-33203</a><a class="headerlink" href="#june-2-2021-cve-2021-33203" title="Permalink to this headline">¶</a></h3>
<p>Potential directory traversal via <code class="docutils literal notranslate"><span class="pre">admindocs</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/jun/02/security-releases/">Full description</a></p>
<div class="section" id="s-id2">
<span id="id2"></span><h4>Versions affected<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.2 <a class="reference external" href="https://github.com/django/django/commit/dfaba12cda060b8b292ae1d271b44bf810b1c5b9">(patch)</a></li>
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/20c67a0693c4ede2b09af02574823485e82e4c8f">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-june-2-2021-cve-2021-33571">
<span id="june-2-2021-cve-2021-33571"></span><h3>June 2, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-33571">CVE-2021-33571</a><a class="headerlink" href="#june-2-2021-cve-2021-33571" title="Permalink to this headline">¶</a></h3>
<p>Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/jun/02/security-releases/">Full description</a></p>
<div class="section" id="s-id3">
<span id="id3"></span><h4>Versions affected<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.2 <a class="reference external" href="https://github.com/django/django/commit/9f75e2e562fa0c0482f3dde6fc7399a9070b4a3d">(patch)</a></li>
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/203d4ab9ebcd72fc4d6eb7398e66ed9e474e118e">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-may-6-2021-cve-2021-32052">
<span id="may-6-2021-cve-2021-32052"></span><h3>May 6, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-32052">CVE-2021-32052</a><a class="headerlink" href="#may-6-2021-cve-2021-32052" title="Permalink to this headline">¶</a></h3>
<p>Header injection possibility since <code class="docutils literal notranslate"><span class="pre">URLValidator</span></code> accepted newlines in input
on Python 3.9.5+. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/may/06/security-releases/">Full description</a></p>
<div class="section" id="s-id4">
<span id="id4"></span><h4>Versions affected<a class="headerlink" href="#id4" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.2 <a class="reference external" href="https://github.com/django/django/commit/2d2c1d0c97832860fbd6597977e2aae17dd7e5b2">(patch)</a></li>
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/afb23f5929944a407e4990edef1c7806a94c9879">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/d9594c4ea57b6309d93879805302cec9ae9f23ff">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-may-4-2021-cve-2021-31542">
<span id="may-4-2021-cve-2021-31542"></span><h3>May 4, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-31542">CVE-2021-31542</a><a class="headerlink" href="#may-4-2021-cve-2021-31542" title="Permalink to this headline">¶</a></h3>
<p>Potential directory traversal via uploaded files. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/may/04/security-releases/">Full description</a></p>
<div class="section" id="s-id5">
<span id="id5"></span><h4>Versions affected<a class="headerlink" href="#id5" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.2 <a class="reference external" href="https://github.com/django/django/commit/c98f446c188596d4ba6de71d1b77b4a6c5c2a007">(patch)</a></li>
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/25d84d64122c15050a0ee739e859f22ddab5ac48">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-april-6-2021-cve-2021-28658">
<span id="april-6-2021-cve-2021-28658"></span><h3>April 6, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-28658">CVE-2021-28658</a><a class="headerlink" href="#april-6-2021-cve-2021-28658" title="Permalink to this headline">¶</a></h3>
<p>Potential directory traversal via uploaded files. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/apr/06/security-releases/">Full description</a></p>
<div class="section" id="s-id6">
<span id="id6"></span><h4>Versions affected<a class="headerlink" href="#id6" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.2 <a class="reference external" href="https://github.com/django/django/commit/2820fd1be5dfccbf1216c3845fad8580502473e1">(patch)</a></li>
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/cca0d98118cccf9ae0c6dcf2d6c57fc50469fbf0">(patch)</a></li>
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/e7fba62248f604c76da4f23dcf1db4a57b0808ea">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-19-2021-cve-2021-23336">
<span id="february-19-2021-cve-2021-23336"></span><h3>February 19, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-23336">CVE-2021-23336</a><a class="headerlink" href="#february-19-2021-cve-2021-23336" title="Permalink to this headline">¶</a></h3>
<p>Web cache poisoning via <code class="docutils literal notranslate"><span class="pre">django.utils.http.limited_parse_qsl()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/feb/19/security-releases/">Full description</a>.</p>
<div class="section" id="s-id7">
<span id="id7"></span><h4>Versions affected<a class="headerlink" href="#id7" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.2 <a class="reference external" href="https://github.com/django/django/commit/be8237c7cce24b06aabde0b97afce98ddabbe3b6">(patch)</a></li>
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/8f6d431b08cbb418d9144b976e7b972546607851">(patch)</a></li>
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/326a926beef869d3341bc9ef737887f0449b6b71">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/fd6b6afd5959b638c62dbf4839ccff97e7f7dfda">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-1-2021-cve-2021-3281">
<span id="february-1-2021-cve-2021-3281"></span><h3>February 1, 2021 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2021-3281">CVE-2021-3281</a><a class="headerlink" href="#february-1-2021-cve-2021-3281" title="Permalink to this headline">¶</a></h3>
<p>Potential directory traversal via <code class="docutils literal notranslate"><span class="pre">archive.extract()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2021/feb/01/security-releases/">Full description</a></p>
<div class="section" id="s-id8">
<span id="id8"></span><h4>Versions affected<a class="headerlink" href="#id8" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/02e6592835b4559909aa3aaaf67988fef435f624">(patch)</a></li>
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/52e409ed17287e9aabda847b6afe58be2fa9f86a">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/21e7622dec1f8612c85c2fc37fe8efbfd3311e37">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-1-2020-cve-2020-24584">
<span id="september-1-2020-cve-2020-24584"></span><h3>September 1, 2020 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2020-24584">CVE-2020-24584</a><a class="headerlink" href="#september-1-2020-cve-2020-24584" title="Permalink to this headline">¶</a></h3>
<p>Permission escalation in intermediate-level directories of the file system cache on Python 3.7+. <a class="reference external" href="https://www.djangoproject.com/weblog/2020/sep/01/security-releases/">Full description</a></p>
<div class="section" id="s-id9">
<span id="id9"></span><h4>Versions affected<a class="headerlink" href="#id9" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b">(patch)</a></li>
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-1-2020-cve-2020-24583">
<span id="september-1-2020-cve-2020-24583"></span><h3>September 1, 2020 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2020-24583">CVE-2020-24583</a><a class="headerlink" href="#september-1-2020-cve-2020-24583" title="Permalink to this headline">¶</a></h3>
<p>Incorrect permissions on intermediate-level directories on Python 3.7+. <a class="reference external" href="https://www.djangoproject.com/weblog/2020/sep/01/security-releases/">Full description</a></p>
<div class="section" id="s-id10">
<span id="id10"></span><h4>Versions affected<a class="headerlink" href="#id10" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.1 <a class="reference external" href="https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584">(patch)</a></li>
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-june-3-2020-cve-2020-13596">
<span id="june-3-2020-cve-2020-13596"></span><h3>June 3, 2020 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2020-13596">CVE-2020-13596</a><a class="headerlink" href="#june-3-2020-cve-2020-13596" title="Permalink to this headline">¶</a></h3>
<p>Possible XSS via admin <code class="docutils literal notranslate"><span class="pre">ForeignKeyRawIdWidget</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2020/jun/03/security-releases/">Full description</a></p>
<div class="section" id="s-id11">
<span id="id11"></span><h4>Versions affected<a class="headerlink" href="#id11" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-june-3-2020-cve-2020-13254">
<span id="june-3-2020-cve-2020-13254"></span><h3>June 3, 2020 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2020-13254">CVE-2020-13254</a><a class="headerlink" href="#june-3-2020-cve-2020-13254" title="Permalink to this headline">¶</a></h3>
<p>Potential data leakage via malformed memcached keys. <a class="reference external" href="https://www.djangoproject.com/weblog/2020/jun/03/security-releases/">Full description</a></p>
<div class="section" id="s-id12">
<span id="id12"></span><h4>Versions affected<a class="headerlink" href="#id12" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-march-4-2020-cve-2020-9402">
<span id="march-4-2020-cve-2020-9402"></span><h3>March 4, 2020 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2020-9402">CVE-2020-9402</a><a class="headerlink" href="#march-4-2020-cve-2020-9402" title="Permalink to this headline">¶</a></h3>
<p>Potential SQL injection via the <code class="docutils literal notranslate"><span class="pre">tolerance</span></code> parameter in GIS functions and aggregates on Oracle. <a class="reference external" href="https://www.djangoproject.com/weblog/2020/mar/04/security-releases/">Full description</a></p>
<div class="section" id="s-id13">
<span id="id13"></span><h4>Versions affected<a class="headerlink" href="#id13" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/26a5cf834526e291db00385dd33d319b8271fc4c">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/fe886a3b58a93cfbe8864b485f93cb6d426cd1f2">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/02d97f3c9a88adc890047996e5606180bd1c6166">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-3-2020-cve-2020-7471">
<span id="february-3-2020-cve-2020-7471"></span><h3>February 3, 2020 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2020-7471">CVE-2020-7471</a><a class="headerlink" href="#february-3-2020-cve-2020-7471" title="Permalink to this headline">¶</a></h3>
<p>Potential SQL injection via <code class="docutils literal notranslate"><span class="pre">StringAgg(delimiter)</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2020/feb/03/security-releases/">Full description</a></p>
<div class="section" id="s-id14">
<span id="id14"></span><h4>Versions affected<a class="headerlink" href="#id14" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-december-18-2019-cve-2019-19844">
<span id="december-18-2019-cve-2019-19844"></span><h3>December 18, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-19844">CVE-2019-19844</a><a class="headerlink" href="#december-18-2019-cve-2019-19844" title="Permalink to this headline">¶</a></h3>
<p>Potential account hijack via the password reset form. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/dec/18/security-releases/">Full description</a></p>
<div class="section" id="s-id15">
<span id="id15"></span><h4>Versions affected<a class="headerlink" href="#id15" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/302a4ff1e8b1c798aab97673909c7a3dfda42c26">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/4d334bea06cac63dc1272abcec545b85136cca0e">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/f4cff43bf921fcea6a29b726eb66767f67753fa2">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-december-2-2019-cve-2019-19118">
<span id="december-2-2019-cve-2019-19118"></span><h3>December 2, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-19118">CVE-2019-19118</a><a class="headerlink" href="#december-2-2019-cve-2019-19118" title="Permalink to this headline">¶</a></h3>
<p>Privilege escalation in the Django admin. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/dec/02/security-releases/">Full description</a></p>
<div class="section" id="s-id16">
<span id="id16"></span><h4>Versions affected<a class="headerlink" href="#id16" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 3.0 <a class="reference external" href="https://github.com/django/django/commit/092cd66cf3c3e175acce698d6ca2012068d878fa">(patch)</a></li>
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/36f580a17f0b3cb087deadf3b65eea024f479c21">(patch)</a></li>
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/103ebe2b5ff1b2614b85a52c239f471904d26244">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-1-2019-cve-2019-14235">
<span id="august-1-2019-cve-2019-14235"></span><h3>August 1, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-14235">CVE-2019-14235</a><a class="headerlink" href="#august-1-2019-cve-2019-14235" title="Permalink to this headline">¶</a></h3>
<p>Potential memory exhaustion in <code class="docutils literal notranslate"><span class="pre">django.utils.encoding.uri_to_iri()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/aug/01/security-releases/">Full description</a></p>
<div class="section" id="s-id17">
<span id="id17"></span><h4>Versions affected<a class="headerlink" href="#id17" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/cf694e6852b0da7799f8b53f1fb2f7d20cf17534">(patch)</a></li>
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/5d50a2e5fa36ad23ab532fc54cf4073de84b3306">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-1-2019-cve-2019-14234">
<span id="august-1-2019-cve-2019-14234"></span><h3>August 1, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-14234">CVE-2019-14234</a><a class="headerlink" href="#august-1-2019-cve-2019-14234" title="Permalink to this headline">¶</a></h3>
<p>Potential SQL injection in key and index lookups for <code class="docutils literal notranslate"><span class="pre">JSONField</span></code>/<code class="docutils literal notranslate"><span class="pre">HStoreField</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/aug/01/security-releases/">Full description</a></p>
<div class="section" id="s-id18">
<span id="id18"></span><h4>Versions affected<a class="headerlink" href="#id18" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/4f5b58f5cd3c57fee9972ab074f8dc6895d8f387">(patch)</a></li>
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/f74b3ae3628c26e1b4f8db3d13a91d52a833a975">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-1-2019-cve-2019-14233">
<span id="august-1-2019-cve-2019-14233"></span><h3>August 1, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-14233">CVE-2019-14233</a><a class="headerlink" href="#august-1-2019-cve-2019-14233" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service possibility in <code class="docutils literal notranslate"><span class="pre">strip_tags()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/aug/01/security-releases/">Full description</a></p>
<div class="section" id="s-id19">
<span id="id19"></span><h4>Versions affected<a class="headerlink" href="#id19" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/e34f3c0e9ee5fc9022428fe91640638bafd4cda7">(patch)</a></li>
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/5ff8e791148bd451180124d76a55cb2b2b9556eb">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-1-2019-cve-2019-14232">
<span id="august-1-2019-cve-2019-14232"></span><h3>August 1, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-14232">CVE-2019-14232</a><a class="headerlink" href="#august-1-2019-cve-2019-14232" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service possibility in <code class="docutils literal notranslate"><span class="pre">django.utils.text.Truncator</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/aug/01/security-releases/">Full description</a></p>
<div class="section" id="s-id20">
<span id="id20"></span><h4>Versions affected<a class="headerlink" href="#id20" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/c3289717c6f21a8cf23daff1c78c0c014b94041f">(patch)</a></li>
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/c23723a1551340cc7d3126f04fcfd178fa224193">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/42a66e969023c00536256469f0e8b8a099ef109d">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-1-2019-cve-2019-12781">
<span id="july-1-2019-cve-2019-12781"></span><h3>July 1, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-12781">CVE-2019-12781</a><a class="headerlink" href="#july-1-2019-cve-2019-12781" title="Permalink to this headline">¶</a></h3>
<p>Incorrect HTTP detection with reverse-proxy connecting via HTTPS. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/jul/01/security-releases/">Full description</a></p>
<div class="section" id="s-id21">
<span id="id21"></span><h4>Versions affected<a class="headerlink" href="#id21" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/77706a3e4766da5d5fb75c4db22a0a59a28e6cd6">(patch)</a></li>
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/1e40f427bb8d0fb37cc9f830096a97c36c97af6f">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/32124fc41e75074141b05f10fc55a4f01ff7f050">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-june-3-2019-cve-2019-12308">
<span id="june-3-2019-cve-2019-12308"></span><h3>June 3, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-12308">CVE-2019-12308</a><a class="headerlink" href="#june-3-2019-cve-2019-12308" title="Permalink to this headline">¶</a></h3>
<p>XSS via the “Current URL” link generated by <code class="docutils literal notranslate"><span class="pre">AdminURLFieldWidget</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/jun/03/security-releases/">Full description</a></p>
<div class="section" id="s-id22">
<span id="id22"></span><h4>Versions affected<a class="headerlink" href="#id22" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/afddabf8428ddc89a332f7a78d0d21eaf2b5a673">(patch)</a></li>
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/09186a13d975de6d049f8b3e05484f66b01ece62">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-june-3-2019-cve-2019-11358">
<span id="june-3-2019-cve-2019-11358"></span><h3>June 3, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-11358">CVE-2019-11358</a><a class="headerlink" href="#june-3-2019-cve-2019-11358" title="Permalink to this headline">¶</a></h3>
<p>Prototype pollution in bundled jQuery. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/jun/03/security-releases/">Full description</a></p>
<div class="section" id="s-id23">
<span id="id23"></span><h4>Versions affected<a class="headerlink" href="#id23" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.2 <a class="reference external" href="https://github.com/django/django/commit/baaf187a4e354bf3976c51e2c83a0d2f8ee6e6ad">(patch)</a></li>
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/95649bc08547a878cebfa1d019edec8cb1b80829">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-11-2019-cve-2019-6975">
<span id="february-11-2019-cve-2019-6975"></span><h3>February 11, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-6975">CVE-2019-6975</a><a class="headerlink" href="#february-11-2019-cve-2019-6975" title="Permalink to this headline">¶</a></h3>
<p>Memory exhaustion in <code class="docutils literal notranslate"><span class="pre">django.utils.numberformat.format()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/feb/11/security-releases/">Full description</a></p>
<div class="section" id="s-id24">
<span id="id24"></span><h4>Versions affected<a class="headerlink" href="#id24" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/40cd19055773705301c3428ed5e08a036d2091f3">(patch)</a></li>
<li>Django 2.0 <a class="reference external" href="https://github.com/django/django/commit/1f42f82566c9d2d73aff1c42790d6b1b243f7676">(patch</a> and <a class="reference external" href="https://github.com/django/django/commit/392e040647403fc8007708d52ce01d915b014849">correction)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/0bbb560183fabf0533289700845dafa94951f227">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-january-4-2019-cve-2019-3498">
<span id="january-4-2019-cve-2019-3498"></span><h3>January 4, 2019 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2019-3498">CVE-2019-3498</a><a class="headerlink" href="#january-4-2019-cve-2019-3498" title="Permalink to this headline">¶</a></h3>
<p>Content spoofing possibility in the default 404 page. <a class="reference external" href="https://www.djangoproject.com/weblog/2019/jan/04/security-releases/">Full description</a></p>
<div class="section" id="s-id25">
<span id="id25"></span><h4>Versions affected<a class="headerlink" href="#id25" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/64d2396e83aedba3fcc84ca40f23fbd22f0b9b5b">(patch)</a></li>
<li>Django 2.0 <a class="reference external" href="https://github.com/django/django/commit/9f4ed7c94c62e21644ef5115e393ac426b886f2e">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/1cd00fcf52d089ef0fe03beabd05d59df8ea052a">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-october-1-2018-cve-2018-16984">
<span id="october-1-2018-cve-2018-16984"></span><h3>October 1, 2018 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2018-16984">CVE-2018-16984</a><a class="headerlink" href="#october-1-2018-cve-2018-16984" title="Permalink to this headline">¶</a></h3>
<p>Password hash disclosure to "view only" admin users. <a class="reference external" href="https://www.djangoproject.com/weblog/2018/oct/01/security-release/">Full description</a></p>
<div class="section" id="s-id26">
<span id="id26"></span><h4>Versions affected<a class="headerlink" href="#id26" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/c4bd5b597e0aa2432e4c867b86650f18af117851">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-1-2018-cve-2018-14574">
<span id="august-1-2018-cve-2018-14574"></span><h3>August 1, 2018 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2018-14574">CVE-2018-14574</a><a class="headerlink" href="#august-1-2018-cve-2018-14574" title="Permalink to this headline">¶</a></h3>
<p>Open redirect possibility in <code class="docutils literal notranslate"><span class="pre">CommonMiddleware</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2018/aug/01/security-releases/">Full description</a></p>
<div class="section" id="s-id27">
<span id="id27"></span><h4>Versions affected<a class="headerlink" href="#id27" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.1 <a class="reference external" href="https://github.com/django/django/commit/c4e5ff7fdb5fce447675e90291fd33fddd052b3c">(patch)</a></li>
<li>Django 2.0 <a class="reference external" href="https://github.com/django/django/commit/6fffc3c6d420e44f4029d5643f38d00a39b08525">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-march-6-2018-cve-2018-7537">
<span id="march-6-2018-cve-2018-7537"></span><h3>March 6, 2018 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2018-7537">CVE-2018-7537</a><a class="headerlink" href="#march-6-2018-cve-2018-7537" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service possibility in <code class="docutils literal notranslate"><span class="pre">truncatechars_html</span></code> and <code class="docutils literal notranslate"><span class="pre">truncatewords_html</span></code> template filters. <a class="reference external" href="https://www.djangoproject.com/weblog/2018/mar/06/security-releases/">Full description</a></p>
<div class="section" id="s-id28">
<span id="id28"></span><h4>Versions affected<a class="headerlink" href="#id28" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.0 <a class="reference external" href="https://github.com/django/django/commit/94c5da1d17a6b0d378866c66b605102c19f7988c">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/d17974a287a6ea2e361daff88fcc004cbd6835fa">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-march-6-2018-cve-2018-7536">
<span id="march-6-2018-cve-2018-7536"></span><h3>March 6, 2018 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2018-7536">CVE-2018-7536</a><a class="headerlink" href="#march-6-2018-cve-2018-7536" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service possibility in <code class="docutils literal notranslate"><span class="pre">urlize</span></code> and <code class="docutils literal notranslate"><span class="pre">urlizetrunc</span></code> template filters. <a class="reference external" href="https://www.djangoproject.com/weblog/2018/mar/06/security-releases/">Full description</a></p>
<div class="section" id="s-id29">
<span id="id29"></span><h4>Versions affected<a class="headerlink" href="#id29" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.0 <a class="reference external" href="https://github.com/django/django/commit/e157315da3ae7005fa0683ffc9751dbeca7306c8">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/1ca63a66ef3163149ad822701273e8a1844192c2">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-1-2018-cve-2018-6188">
<span id="february-1-2018-cve-2018-6188"></span><h3>February 1, 2018 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2018-6188">CVE-2018-6188</a><a class="headerlink" href="#february-1-2018-cve-2018-6188" title="Permalink to this headline">¶</a></h3>
<p>Information leakage in <code class="docutils literal notranslate"><span class="pre">AuthenticationForm</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2018/feb/01/security-releases/">Full description</a></p>
<div class="section" id="s-id30">
<span id="id30"></span><h4>Versions affected<a class="headerlink" href="#id30" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 2.0 <a class="reference external" href="https://github.com/django/django/commit/c37bb28677295f6edda61d8ac461014ef0d3aeb2">(patch)</a></li>
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/57b95fedad5e0b83fc9c81466b7d1751c6427aae">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-5-2017-cve-2017-12794">
<span id="september-5-2017-cve-2017-12794"></span><h3>September 5, 2017 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2017-12794">CVE-2017-12794</a><a class="headerlink" href="#september-5-2017-cve-2017-12794" title="Permalink to this headline">¶</a></h3>
<p>Possible XSS in the traceback section of the technical 500 debug page. <a class="reference external" href="https://www.djangoproject.com/weblog/2017/sep/05/security-releases/">Full description</a></p>
<div class="section" id="s-id31">
<span id="id31"></span><h4>Versions affected<a class="headerlink" href="#id31" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.11 <a class="reference external" href="https://github.com/django/django/commit/e35a0c56086924f331e9422daa266e907a4784cc">(patch)</a></li>
<li>Django 1.10 <a class="reference external" href="https://github.com/django/django/commit/58e08e80e362db79eb0fd775dc81faad90dca47a">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-april-4-2017-cve-2017-7234">
<span id="april-4-2017-cve-2017-7234"></span><h3>April 4, 2017 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2017-7234">CVE-2017-7234</a><a class="headerlink" href="#april-4-2017-cve-2017-7234" title="Permalink to this headline">¶</a></h3>
<p>Open redirect vulnerability in <code class="docutils literal notranslate"><span class="pre">django.views.static.serve()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2017/apr/04/security-releases/">Full description</a></p>
<div class="section" id="s-id32">
<span id="id32"></span><h4>Versions affected<a class="headerlink" href="#id32" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.10 <a class="reference external" href="https://github.com/django/django/commit/2a9f6ef71b8e23fd267ee2be1be26dde8ab67037">(patch)</a></li>
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/5f1ffb07afc1e59729ce2b283124116d6c0659e4">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/4a6b945dffe8d10e7cec107d93e6efaebfbded29">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-april-4-2017-cve-2017-7233">
<span id="april-4-2017-cve-2017-7233"></span><h3>April 4, 2017 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2017-7233">CVE-2017-7233</a><a class="headerlink" href="#april-4-2017-cve-2017-7233" title="Permalink to this headline">¶</a></h3>
<p>Open redirect and possible XSS attack via user-supplied numeric redirect URLs. <a class="reference external" href="https://www.djangoproject.com/weblog/2017/apr/04/security-releases/">Full description</a></p>
<div class="section" id="s-id33">
<span id="id33"></span><h4>Versions affected<a class="headerlink" href="#id33" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.10 <a class="reference external" href="https://github.com/django/django/commit/f824655bc2c50b19d2f202d7640785caabc82787">(patch)</a></li>
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/254326cb3682389f55f886804d2c43f7b9f23e4f">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/8339277518c7d8ec280070a780915304654e3b66">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-november-1-2016-cve-2016-9014">
<span id="november-1-2016-cve-2016-9014"></span><h3>November 1, 2016 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2016-9014">CVE-2016-9014</a><a class="headerlink" href="#november-1-2016-cve-2016-9014" title="Permalink to this headline">¶</a></h3>
<p>DNS rebinding vulnerability when <code class="docutils literal notranslate"><span class="pre">DEBUG=True</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2016/nov/01/security-releases/">Full description</a></p>
<div class="section" id="s-id34">
<span id="id34"></span><h4>Versions affected<a class="headerlink" href="#id34" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.10 <a class="reference external" href="https://github.com/django/django/commit/884e113838e5a72b4b0ec9e5e87aa480f6aa4472">(patch)</a></li>
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/45acd6d836895a4c36575f48b3fb36a3dae98d19">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/c401ae9a7dfb1a94a8a61927ed541d6f93089587">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-november-1-2016-cve-2016-9013">
<span id="november-1-2016-cve-2016-9013"></span><h3>November 1, 2016 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2016-9013">CVE-2016-9013</a><a class="headerlink" href="#november-1-2016-cve-2016-9013" title="Permalink to this headline">¶</a></h3>
<p>User with hardcoded password created when running tests on Oracle. <a class="reference external" href="https://www.djangoproject.com/weblog/2016/nov/01/security-releases/">Full description</a></p>
<div class="section" id="s-id35">
<span id="id35"></span><h4>Versions affected<a class="headerlink" href="#id35" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.10 <a class="reference external" href="https://github.com/django/django/commit/34e10720d81b8d407aa14d763b6a7fe8f13b4f2e">(patch)</a></li>
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/4844d86c7728c1a5a3bbce4ad336a8d32304072b">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/70f99952965a430daf69eeb9947079aae535d2d0">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-26-2016-cve-2016-7401">
<span id="september-26-2016-cve-2016-7401"></span><h3>September 26, 2016 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2016-7401">CVE-2016-7401</a><a class="headerlink" href="#september-26-2016-cve-2016-7401" title="Permalink to this headline">¶</a></h3>
<p>CSRF protection bypass on a site with Google Analytics. <a class="reference external" href="https://www.djangoproject.com/weblog/2016/sep/26/security-releases/">Full description</a></p>
<div class="section" id="s-id36">
<span id="id36"></span><h4>Versions affected<a class="headerlink" href="#id36" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/d1bc980db1c0fffd6d60677e62f70beadb9fe64a">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/6118ab7d0676f0d622278e5be215f14fb5410b6a">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-18-2016-cve-2016-6186">
<span id="july-18-2016-cve-2016-6186"></span><h3>July 18, 2016 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2016-6186">CVE-2016-6186</a><a class="headerlink" href="#july-18-2016-cve-2016-6186" title="Permalink to this headline">¶</a></h3>
<p>XSS in the admin's add/change related popup. <a class="reference external" href="https://www.djangoproject.com/weblog/2016/jul/18/security-releases/">Full description</a></p>
<div class="section" id="s-id37">
<span id="id37"></span><h4>Versions affected<a class="headerlink" href="#id37" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/d03bf6fe4e9bf5b07de62c1a271c4b41a7d3d158">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/f68e5a99164867ab0e071a936470958ed867479d">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-march-1-2016-cve-2016-2513">
<span id="march-1-2016-cve-2016-2513"></span><h3>March 1, 2016 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2016-2513">CVE-2016-2513</a><a class="headerlink" href="#march-1-2016-cve-2016-2513" title="Permalink to this headline">¶</a></h3>
<p>User enumeration through timing difference on password hasher work factor upgrade. <a class="reference external" href="https://www.djangoproject.com/weblog/2016/mar/01/security-releases/">Full description</a></p>
<div class="section" id="s-id38">
<span id="id38"></span><h4>Versions affected<a class="headerlink" href="#id38" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/af7d09b0c5c6ab68e629fd9baf736f9dd203b18e">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/f4e6e02f7713a6924d16540be279909ff4091eb6">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-march-1-2016-cve-2016-2512">
<span id="march-1-2016-cve-2016-2512"></span><h3>March 1, 2016 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2016-2512">CVE-2016-2512</a><a class="headerlink" href="#march-1-2016-cve-2016-2512" title="Permalink to this headline">¶</a></h3>
<p>Malicious redirect and possible XSS attack via user-supplied redirect URLs containing basic auth. <a class="reference external" href="https://www.djangoproject.com/weblog/2016/mar/01/security-releases/">Full description</a></p>
<div class="section" id="s-id39">
<span id="id39"></span><h4>Versions affected<a class="headerlink" href="#id39" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/fc6d147a63f89795dbcdecb0559256470fff4380">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/382ab137312961ad62feb8109d70a5a581fe8350">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-1-2016-cve-2016-2048">
<span id="february-1-2016-cve-2016-2048"></span><h3>February 1, 2016 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2016-2048">CVE-2016-2048</a><a class="headerlink" href="#february-1-2016-cve-2016-2048" title="Permalink to this headline">¶</a></h3>
<p>A user with "change" but not "add" permission can create objects for a <code class="docutils literal notranslate"><span class="pre">ModelAdmin</span></code> with save_as=True. <a class="reference external" href="https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/">Full description</a></p>
<div class="section" id="s-id40">
<span id="id40"></span><h4>Versions affected<a class="headerlink" href="#id40" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.9 <a class="reference external" href="https://github.com/django/django/commit/adbca5e4db42542575734b8e5d26961c8ada7265">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-november-24-2015-cve-2015-8213">
<span id="november-24-2015-cve-2015-8213"></span><h3>November 24, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-8213">CVE-2015-8213</a><a class="headerlink" href="#november-24-2015-cve-2015-8213" title="Permalink to this headline">¶</a></h3>
<p>Settings leak possibility in <code class="docutils literal notranslate"><span class="pre">date</span></code> template filter. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id41">
<span id="id41"></span><h4>Versions affected<a class="headerlink" href="#id41" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/9f83fc2f66f5a0bac7c291aec55df66050bb6991">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-18-2015-cve-2015-5963-cve-2015-5964">
<span id="august-18-2015-cve-2015-5963-cve-2015-5964"></span><h3>August 18, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-5963">CVE-2015-5963</a> / <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-5964">CVE-2015-5964</a><a class="headerlink" href="#august-18-2015-cve-2015-5963-cve-2015-5964" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service possibility in <code class="docutils literal notranslate"><span class="pre">logout()</span></code> view by filling session store.
<a class="reference external" href="https://www.djangoproject.com/weblog/2015/aug/18/security-releases/">Full description</a></p>
<div class="section" id="s-id42">
<span id="id42"></span><h4>Versions affected<a class="headerlink" href="#id42" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/2eb86b01d7b59be06076f6179a454d0fd0afaff6">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/2f5485346ee6f84b4e52068c04e043092daf55f7">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/575f59f9bc7c59a5e41a081d1f5f55fc859c5012">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-8-2015-cve-2015-5145">
<span id="july-8-2015-cve-2015-5145"></span><h3>July 8, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-5145">CVE-2015-5145</a><a class="headerlink" href="#july-8-2015-cve-2015-5145" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service possibility in URL validation. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/jul/08/security-releases/">Full description</a></p>
<div class="section" id="s-id43">
<span id="id43"></span><h4>Versions affected<a class="headerlink" href="#id43" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/8f9a4d3a2bc42f14bb437defd30c7315adbff22c">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-8-2015-cve-2015-5144">
<span id="july-8-2015-cve-2015-5144"></span><h3>July 8, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-5144">CVE-2015-5144</a><a class="headerlink" href="#july-8-2015-cve-2015-5144" title="Permalink to this headline">¶</a></h3>
<p>Header injection possibility since validators accept newlines in input. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/jul/08/security-releases/">Full
description</a></p>
<div class="section" id="s-id44">
<span id="id44"></span><h4>Versions affected<a class="headerlink" href="#id44" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/574dd5e0b0fbb877ae5827b1603d298edc9bb2a0">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/ae49b4d994656bc037513dcd064cb9ce5bb85649">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/1ba1cdce7d58e6740fe51955d945b56ae51d072a">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-8-2015-cve-2015-5143">
<span id="july-8-2015-cve-2015-5143"></span><h3>July 8, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-5143">CVE-2015-5143</a><a class="headerlink" href="#july-8-2015-cve-2015-5143" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service possibility by filling session store. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/jul/08/security-releases/">Full
description</a></p>
<div class="section" id="s-id45">
<span id="id45"></span><h4>Versions affected<a class="headerlink" href="#id45" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/66d12d1ababa8f062857ee5eb43276493720bf16">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/1828f4341ec53a8684112d24031b767eba557663">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/2e47f3e401c29bc2ba5ab794d483cb0820855fb9">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-may-20-2015-cve-2015-3982">
<span id="may-20-2015-cve-2015-3982"></span><h3>May 20, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-3982">CVE-2015-3982</a><a class="headerlink" href="#may-20-2015-cve-2015-3982" title="Permalink to this headline">¶</a></h3>
<p>Fixed session flushing in the cached_db backend. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/may/20/security-release/">Full description</a></p>
<div class="section" id="s-id46">
<span id="id46"></span><h4>Versions affected<a class="headerlink" href="#id46" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/31cb25adecba930bdeee4556709f5a1c42d88fd6">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-march-18-2015-cve-2015-2317">
<span id="march-18-2015-cve-2015-2317"></span><h3>March 18, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-2317">CVE-2015-2317</a><a class="headerlink" href="#march-18-2015-cve-2015-2317" title="Permalink to this headline">¶</a></h3>
<p>Mitigated possible XSS attack via user-supplied redirect URLs. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/mar/18/security-releases/">Full
description</a></p>
<div class="section" id="s-id47">
<span id="id47"></span><h4>Versions affected<a class="headerlink" href="#id47" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/5510f070711540aaa8d3707776cd77494e688ef9">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/770427c2896a078925abfca2317486b284d22f04">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-march-18-2015-cve-2015-2316">
<span id="march-18-2015-cve-2015-2316"></span><h3>March 18, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-2316">CVE-2015-2316</a><a class="headerlink" href="#march-18-2015-cve-2015-2316" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service possibility with <code class="docutils literal notranslate"><span class="pre">strip_tags()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/mar/18/security-releases/">Full description</a></p>
<div class="section" id="s-id48">
<span id="id48"></span><h4>Versions affected<a class="headerlink" href="#id48" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/b6b3cb9899214a23ebb0f4ebf0e0b300b0ee524f">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/5447709a571cd5d95971f1d5d21d4a7edcf85bbd">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-march-9-2015-cve-2015-2241">
<span id="march-9-2015-cve-2015-2241"></span><h3>March 9, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-2241">CVE-2015-2241</a><a class="headerlink" href="#march-9-2015-cve-2015-2241" title="Permalink to this headline">¶</a></h3>
<p>XSS attack via properties in <code class="docutils literal notranslate"><span class="pre">ModelAdmin.readonly_fields</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/mar/09/security-releases/">Full description</a></p>
<div class="section" id="s-id49">
<span id="id49"></span><h4>Versions affected<a class="headerlink" href="#id49" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/d16e4e1d6f95e6f46bff53cc4fd0ab398b8e5059">(patch)</a></li>
<li>Django 1.8 <a class="reference external" href="https://github.com/django/django/commit/2654e1b93923bac55f12b4e66c5e39b16695ace5">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-january-13-2015-cve-2015-0222">
<span id="january-13-2015-cve-2015-0222"></span><h3>January 13, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-0222">CVE-2015-0222</a><a class="headerlink" href="#january-13-2015-cve-2015-0222" title="Permalink to this headline">¶</a></h3>
<p>Database denial-of-service with <code class="docutils literal notranslate"><span class="pre">ModelMultipleChoiceField</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/jan/13/security/">Full description</a></p>
<div class="section" id="s-id50">
<span id="id50"></span><h4>Versions affected<a class="headerlink" href="#id50" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/d7a06ee7e571b6dad07c0f5b519b1db02e2a476c">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/bcfb47780ce7caecb409a9e9c1c314266e41d392">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-january-13-2015-cve-2015-0221">
<span id="january-13-2015-cve-2015-0221"></span><h3>January 13, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-0221">CVE-2015-0221</a><a class="headerlink" href="#january-13-2015-cve-2015-0221" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service attack against <code class="docutils literal notranslate"><span class="pre">django.views.static.serve()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/jan/13/security/">Full
description</a></p>
<div class="section" id="s-id51">
<span id="id51"></span><h4>Versions affected<a class="headerlink" href="#id51" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/d020da6646c5142bc092247d218a3d1ce3e993f7">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/553779c4055e8742cc832ed525b9ee34b174934f">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/818e59a3f0fbadf6c447754d202d88df025f8f2a">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-january-13-2015-cve-2015-0220">
<span id="january-13-2015-cve-2015-0220"></span><h3>January 13, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-0220">CVE-2015-0220</a><a class="headerlink" href="#january-13-2015-cve-2015-0220" title="Permalink to this headline">¶</a></h3>
<p>Mitigated possible XSS attack via user-supplied redirect URLs. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/jan/13/security/">Full
description</a></p>
<div class="section" id="s-id52">
<span id="id52"></span><h4>Versions affected<a class="headerlink" href="#id52" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/4c241f1b710da6419d9dca160e80b23b82db7758">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/72e0b033662faa11bb7f516f18a132728aa0ae28">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/de67dedc771ad2edec15c1d00c083a1a084e1e89">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-january-13-2015-cve-2015-0219">
<span id="january-13-2015-cve-2015-0219"></span><h3>January 13, 2015 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2015-0219">CVE-2015-0219</a><a class="headerlink" href="#january-13-2015-cve-2015-0219" title="Permalink to this headline">¶</a></h3>
<p>WSGI header spoofing via underscore/dash conflation. <a class="reference external" href="https://www.djangoproject.com/weblog/2015/jan/13/security/">Full description</a></p>
<div class="section" id="s-id53">
<span id="id53"></span><h4>Versions affected<a class="headerlink" href="#id53" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/4f6fffc1dc429f1ad428ecf8e6620739e8837450">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/d7597b31d5c03106eeba4be14a33b32a5e25f4ee">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/41b4bc73ee0da7b2e09f4af47fc1fd21144c710f">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-20-2014-cve-2014-0483">
<span id="august-20-2014-cve-2014-0483"></span><h3>August 20, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-0483">CVE-2014-0483</a><a class="headerlink" href="#august-20-2014-cve-2014-0483" title="Permalink to this headline">¶</a></h3>
<p>Data leakage via querystring manipulation in admin.
<a class="reference external" href="https://www.djangoproject.com/weblog/2014/aug/20/security/">Full description</a></p>
<div class="section" id="s-id54">
<span id="id54"></span><h4>Versions affected<a class="headerlink" href="#id54" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/027bd348642007617518379f8b02546abacaa6e0">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/2a446c896e7c814661fb9c4f212b071b2a7fa446">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/f7c494f2506250b8cb5923714360a3642ed63e0f">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/2b31342cdf14fc20e07c43d258f1e7334ad664a6">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-20-2014-cve-2014-0482">
<span id="august-20-2014-cve-2014-0482"></span><h3>August 20, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-0482">CVE-2014-0482</a><a class="headerlink" href="#august-20-2014-cve-2014-0482" title="永久链接至标题">¶</a></h3>
<p><code class="docutils literal notranslate"><span class="pre">RemoteUserMiddleware</span></code> session hijacking. <a class="reference external" href="https://www.djangoproject.com/weblog/2014/aug/20/security/">Full description</a></p>
<div class="section" id="s-id55">
<span id="id55"></span><h4>Versions affected<a class="headerlink" href="#id55" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/c9e3b9949cd55f090591fbdc4a114fcb8368b6d9">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/dd68f319b365f6cb38c5a6c106faf4f6142d7d88">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/0268b855f9eab3377f2821164ef3e66037789e09">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/1a45d059c70385fcd6f4a3955f3b4e4cc96d0150">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-20-2014-cve-2014-0481">
<span id="august-20-2014-cve-2014-0481"></span><h3>August 20, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-0481">CVE-2014-0481</a><a class="headerlink" href="#august-20-2014-cve-2014-0481" title="永久链接至标题">¶</a></h3>
<p>File upload denial of service. <a class="reference external" href="https://www.djangoproject.com/weblog/2014/aug/20/security/">Full description</a></p>
<div class="section" id="s-id56">
<span id="id56"></span><h4>Versions affected<a class="headerlink" href="#id56" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/30042d475bf084c6723c6217a21598d9247a9c41">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/26cd48e166ac4d84317c8ee6d63ac52a87e8da99">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/dd0c3f4ee1a30c1a1e6055061c6ba6e58c6b54d1">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/3123f8452cf49071be9110e277eea60ba0032216">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-20-2014-cve-2014-0480">
<span id="august-20-2014-cve-2014-0480"></span><h3>August 20, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-0480">CVE-2014-0480</a><a class="headerlink" href="#august-20-2014-cve-2014-0480" title="永久链接至标题">¶</a></h3>
<p><code class="docutils literal notranslate"><span class="pre">reverse()</span></code> can generate URLs pointing to other hosts. <a class="reference external" href="https://www.djangoproject.com/weblog/2014/aug/20/security/">Full description</a></p>
<div class="section" id="s-id57">
<span id="id57"></span><h4>Versions affected<a class="headerlink" href="#id57" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/c2fe73133b62a1d9e8f7a6b43966570b14618d7e">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/45ac9d4fb087d21902469fc22643f5201d41a0cd">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/da051da8df5e69944745072611351d4cfc6435d5">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/bf650a2ee78c6d1f4544a875dcc777cf27fe93e9">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-may-18-2014-cve-2014-3730">
<span id="may-18-2014-cve-2014-3730"></span><h3>May 18, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-3730">CVE-2014-3730</a><a class="headerlink" href="#may-18-2014-cve-2014-3730" title="永久链接至标题">¶</a></h3>
<p>Malformed URLs from user input incorrectly validated. <a class="reference external" href="https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id58">
<span id="id58"></span><h4>Versions affected<a class="headerlink" href="#id58" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/7feb54bbae3f637ab3c4dd4831d4385964f574df">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/ad32c218850ad40972dcef57beb460f8c979dd6d">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/601107524523bca02376a0ddc1a06c6fdb8f22f3">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/e7b0cace455c2da24492660636bfd48c45a19cdf">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-may-18-2014-cve-2014-1418">
<span id="may-18-2014-cve-2014-1418"></span><h3>May 18, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-1418">CVE-2014-1418</a><a class="headerlink" href="#may-18-2014-cve-2014-1418" title="永久链接至标题">¶</a></h3>
<p>Caches may be allowed to store and serve private data. <a class="reference external" href="https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id59">
<span id="id59"></span><h4>Versions affected<a class="headerlink" href="#id59" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/28e23306aa53bbbb8fb87db85f99d970b051026c">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/4001ec8698f577b973c5a540801d8a0bbea1205b">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/1abcf3a808b35abae5d425ed4d44cb6e886dc769">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/7fef18ba9e5a8b47bc24b5bb259c8bf3d3879f2a">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-april-21-2014-cve-2014-0474">
<span id="april-21-2014-cve-2014-0474"></span><h3>April 21, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-0474">CVE-2014-0474</a><a class="headerlink" href="#april-21-2014-cve-2014-0474" title="永久链接至标题">¶</a></h3>
<p>MySQL typecasting causes unexpected query results. <a class="reference external" href="https://www.djangoproject.com/weblog/2014/apr/21/security/">Full description</a></p>
<div class="section" id="s-id60">
<span id="id60"></span><h4>Versions affected<a class="headerlink" href="#id60" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/aa80f498de6d687e613860933ac58433ab71ea4b">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/985434fb1d6bf2335bf96c6ebf91c3674f1f399f">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/5f0829a27e85d89ad8c433f5c6a7a7d17c9e9292">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/34526c2f56b863c2103655a0893ac801667e86ea">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-april-21-2014-cve-2014-0473">
<span id="april-21-2014-cve-2014-0473"></span><h3>April 21, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-0473">CVE-2014-0473</a><a class="headerlink" href="#april-21-2014-cve-2014-0473" title="永久链接至标题">¶</a></h3>
<p>Caching of anonymous pages could reveal CSRF token. <a class="reference external" href="https://www.djangoproject.com/weblog/2014/apr/21/security/">Full description</a></p>
<div class="section" id="s-id61">
<span id="id61"></span><h4>Versions affected<a class="headerlink" href="#id61" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/1170f285ddd6a94a65f911a27788ba49ca08c0b0">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/6872f42757d7ef6a97e0b6ec5db4d2615d8a2bd8">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/d63e20942f3024f24cb8cd85a49461ba8a9b6736">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/380545bf85cbf17fc698d136815b7691f8d023ca">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-april-21-2014-cve-2014-0472">
<span id="april-21-2014-cve-2014-0472"></span><h3>April 21, 2014 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2014-0472">CVE-2014-0472</a><a class="headerlink" href="#april-21-2014-cve-2014-0472" title="永久链接至标题">¶</a></h3>
<p>Unexpected code execution using <code class="docutils literal notranslate"><span class="pre">reverse()</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2014/apr/21/security/">Full description</a></p>
<div class="section" id="s-id62">
<span id="id62"></span><h4>Versions affected<a class="headerlink" href="#id62" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/c1a8c420fe4b27fb2caf5e46d23b5712fc0ac535">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/2a5bcb69f42b84464b24b5c835dca6467b6aa7f1">(patch)</a></li>
<li>Django 1.6 <a class="reference external" href="https://github.com/django/django/commit/4352a50871e239ebcdf64eee6f0b88e714015c1b">(patch)</a></li>
<li>Django 1.7 <a class="reference external" href="https://github.com/django/django/commit/546740544d7f69254a67b06a3fc7fa0c43512958">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-14-2013-cve-2013-1443">
<span id="september-14-2013-cve-2013-1443"></span><h3>September 14, 2013 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2013-1443">CVE-2013-1443</a><a class="headerlink" href="#september-14-2013-cve-2013-1443" title="永久链接至标题">¶</a></h3>
<p>Denial-of-service via large passwords. <a class="reference external" href="https://www.djangoproject.com/weblog/2013/sep/15/security/">Full description</a></p>
<div class="section" id="s-id63">
<span id="id63"></span><h4>Versions affected<a class="headerlink" href="#id63" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/3f3d887a6844ec2db743fee64c9e53e04d39a368">(patch</a> and <a class="reference external" href="https://github.com/django/django/commit/6903d1690a92aa040adfb0c8eb37cf62e4206714">Python compatibility fix)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/22b74fa09d7ccbc8c52270d648a0da7f3f0fa2bc">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-10-2013-cve-2013-4315">
<span id="september-10-2013-cve-2013-4315"></span><h3>September 10, 2013 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2013-4315">CVE-2013-4315</a><a class="headerlink" href="#september-10-2013-cve-2013-4315" title="永久链接至标题">¶</a></h3>
<p>Directory-traversal via <code class="docutils literal notranslate"><span class="pre">ssi</span></code> template tag. <a class="reference external" href="https://www.djangoproject.com/weblog/2013/sep/10/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id64">
<span id="id64"></span><h4>Versions affected<a class="headerlink" href="#id64" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/87d2750b39f6f2d54b7047225521a44dcd37e896">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/988b61c550d798f9a66d17ee0511fb7a9a7f33ca">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-13-2013-cve-2013-6044">
<span id="august-13-2013-cve-2013-6044"></span><h3>August 13, 2013 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2013-6044">CVE-2013-6044</a><a class="headerlink" href="#august-13-2013-cve-2013-6044" title="永久链接至标题">¶</a></h3>
<p>Possible XSS via unvalidated URL redirect schemes. <a class="reference external" href="https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id65">
<span id="id65"></span><h4>Versions affected<a class="headerlink" href="#id65" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/ec67af0bd609c412b76eaa4cc89968a2a8e5ad6a">(patch)</a></li>
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/1a274ccd6bc1afbdac80344c9b6e5810c1162b5f">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-13-2013-cve-2013-4249">
<span id="august-13-2013-cve-2013-4249"></span><h3>August 13, 2013 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2013-4249">CVE-2013-4249</a><a class="headerlink" href="#august-13-2013-cve-2013-4249" title="永久链接至标题">¶</a></h3>
<p>XSS via admin trusting <code class="docutils literal notranslate"><span class="pre">URLField</span></code> values. <a class="reference external" href="https://www.djangoproject.com/weblog/2013/aug/13/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id66">
<span id="id66"></span><h4>Versions affected<a class="headerlink" href="#id66" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.5 <a class="reference external" href="https://github.com/django/django/commit/90363e388c61874add3f3557ee654a996ec75d78">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-19-2013-cve-2013-0306">
<span id="february-19-2013-cve-2013-0306"></span><h3>February 19, 2013 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2013-0306">CVE-2013-0306</a><a class="headerlink" href="#february-19-2013-cve-2013-0306" title="永久链接至标题">¶</a></h3>
<p>Denial-of-service via formset <code class="docutils literal notranslate"><span class="pre">max_num</span></code> bypass. <a class="reference external" href="https://www.djangoproject.com/weblog/2013/feb/19/security/">Full description</a></p>
<div class="section" id="s-id67">
<span id="id67"></span><h4>Versions affected<a class="headerlink" href="#id67" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/d7094bbce8cb838f3b40f504f198c098ff1cf727">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/0cc350a896f70ace18280410eb616a9197d862b0">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-19-2013-cve-2013-0305">
<span id="february-19-2013-cve-2013-0305"></span><h3>February 19, 2013 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2013-0305">CVE-2013-0305</a><a class="headerlink" href="#february-19-2013-cve-2013-0305" title="永久链接至标题">¶</a></h3>
<p>Information leakage via admin history log. <a class="reference external" href="https://www.djangoproject.com/weblog/2013/feb/19/security/">Full description</a></p>
<div class="section" id="s-id68">
<span id="id68"></span><h4>Versions affected<a class="headerlink" href="#id68" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/d3a45e10c8ac8268899999129daa27652ec0da35">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/0e7861aec73702f7933ce2a93056f7983939f0d6">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-19-2013-cve-2013-1664-cve-2013-1665">
<span id="february-19-2013-cve-2013-1664-cve-2013-1665"></span><h3>February 19, 2013 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2013-1664">CVE-2013-1664</a> / <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2013-1665">CVE-2013-1665</a><a class="headerlink" href="#february-19-2013-cve-2013-1664-cve-2013-1665" title="永久链接至标题">¶</a></h3>
<p>Entity-based attacks against Python XML libraries. <a class="reference external" href="https://www.djangoproject.com/weblog/2013/feb/19/security/">Full description</a></p>
<div class="section" id="s-id69">
<span id="id69"></span><h4>Versions affected<a class="headerlink" href="#id69" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-19-2013-no-cve">
<span id="february-19-2013-no-cve"></span><h3>February 19, 2013 - No CVE<a class="headerlink" href="#february-19-2013-no-cve" title="永久链接至标题">¶</a></h3>
<p>Additional hardening of <code class="docutils literal notranslate"><span class="pre">Host</span></code> header handling. <a class="reference external" href="https://www.djangoproject.com/weblog/2013/feb/19/security/">Full description</a></p>
<div class="section" id="s-id70">
<span id="id70"></span><h4>Versions affected<a class="headerlink" href="#id70" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/27cd872e6e36a81d0bb6f5b8765a1705fecfc253">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/9936fdb11d0bbf0bd242f259bfb97bbf849d16f8">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-december-10-2012-no-cve-2">
<span id="december-10-2012-no-cve-2"></span><h3>December 10, 2012 - No CVE 2<a class="headerlink" href="#december-10-2012-no-cve-2" title="永久链接至标题">¶</a></h3>
<p>Additional hardening of redirect validation. <a class="reference external" href="https://www.djangoproject.com/weblog/2012/dec/10/security/">Full description</a></p>
<div class="section" id="s-id71">
<span id="id71"></span><h4>Versions affected<a class="headerlink" href="#id71" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3: <a class="reference external" href="https://github.com/django/django/commit/1515eb46daa0897ba5ad5f0a2db8969255f1b343">(patch)</a></li>
<li>Django 1.4: <a class="reference external" href="https://github.com/django/django/commit/b2ae0a63aeec741f1e51bac9a95a27fd635f9652">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-december-10-2012-no-cve-1">
<span id="december-10-2012-no-cve-1"></span><h3>December 10, 2012 - No CVE 1<a class="headerlink" href="#december-10-2012-no-cve-1" title="永久链接至标题">¶</a></h3>
<p>Additional hardening of <code class="docutils literal notranslate"><span class="pre">Host</span></code> header handling. <a class="reference external" href="https://www.djangoproject.com/weblog/2012/dec/10/security/">Full description</a></p>
<div class="section" id="s-id72">
<span id="id72"></span><h4>Versions affected<a class="headerlink" href="#id72" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/2da4ace0bc1bc1d79bf43b368cb857f6f0cd6b1b">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/319627c184e71ae267d6b7f000e293168c7b6e09">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-october-17-2012-cve-2012-4520">
<span id="october-17-2012-cve-2012-4520"></span><h3>October 17, 2012 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2012-4520">CVE-2012-4520</a><a class="headerlink" href="#october-17-2012-cve-2012-4520" title="永久链接至标题">¶</a></h3>
<p><code class="docutils literal notranslate"><span class="pre">Host</span></code> header poisoning. <a class="reference external" href="https://www.djangoproject.com/weblog/2012/oct/17/security/">Full description</a></p>
<div class="section" id="s-id73">
<span id="id73"></span><h4>Versions affected<a class="headerlink" href="#id73" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/b45c377f8f488955e0c7069cad3f3dd21910b071">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/92d3430f12171f16f566c9050c40feefb830a4a3">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-30-2012-cve-2012-3444">
<span id="july-30-2012-cve-2012-3444"></span><h3>July 30, 2012 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2012-3444">CVE-2012-3444</a><a class="headerlink" href="#july-30-2012-cve-2012-3444" title="永久链接至标题">¶</a></h3>
<p>Denial-of-service via large image files. <a class="reference external" href="https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id74">
<span id="id74"></span><h4>Versions affected<a class="headerlink" href="#id74" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155">(patch)</a></li>
<li>Django 1.4 <a class="reference external" href="https://github.com/django/django/commit/da33d67181b53fe6cc737ac1220153814a1509f6">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-30-2012-cve-2012-3443">
<span id="july-30-2012-cve-2012-3443"></span><h3>July 30, 2012 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2012-3443">CVE-2012-3443</a><a class="headerlink" href="#july-30-2012-cve-2012-3443" title="永久链接至标题">¶</a></h3>
<p>Denial-of-service via compressed image files. <a class="reference external" href="https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id75">
<span id="id75"></span><h4>Versions affected<a class="headerlink" href="#id75" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3: <a class="reference external" href="https://github.com/django/django/commit/b2eb4787a0fff9c9993b78be5c698e85108f3446">(patch)</a></li>
<li>Django 1.4: <a class="reference external" href="https://github.com/django/django/commit/c14f325c4eef628bc7bfd8873c3a72aeb0219141">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-30-2012-cve-2012-3442">
<span id="july-30-2012-cve-2012-3442"></span><h3>July 30, 2012 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2012-3442">CVE-2012-3442</a><a class="headerlink" href="#july-30-2012-cve-2012-3442" title="永久链接至标题">¶</a></h3>
<p>XSS via failure to validate redirect scheme. <a class="reference external" href="https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id76">
<span id="id76"></span><h4>Versions affected<a class="headerlink" href="#id76" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.3: <a class="reference external" href="https://github.com/django/django/commit/4dea4883e6c50d75f215a6b9bcbd95273f57c72d">(patch)</a></li>
<li>Django 1.4: <a class="reference external" href="https://github.com/django/django/commit/e34685034b60be1112160e76091e5aee60149fa1">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-9-2011-cve-2011-4140">
<span id="september-9-2011-cve-2011-4140"></span><h3>September 9, 2011 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2011-4140">CVE-2011-4140</a><a class="headerlink" href="#september-9-2011-cve-2011-4140" title="永久链接至标题">¶</a></h3>
<p>Potential CSRF via <code class="docutils literal notranslate"><span class="pre">Host</span></code> header. <a class="reference external" href="https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id77">
<span id="id77"></span><h4>Versions affected<a class="headerlink" href="#id77" title="永久链接至标题">¶</a></h4>
<p>This notification was an advisory only, so no patches were issued.</p>
<ul class="simple">
<li>Django 1.2</li>
<li>Django 1.3</li>
</ul>
</div>
</div>
<div class="section" id="s-september-9-2011-cve-2011-4139">
<span id="september-9-2011-cve-2011-4139"></span><h3>September 9, 2011 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2011-4139">CVE-2011-4139</a><a class="headerlink" href="#september-9-2011-cve-2011-4139" title="永久链接至标题">¶</a></h3>
<p><code class="docutils literal notranslate"><span class="pre">Host</span></code> header cache poisoning. <a class="reference external" href="https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id78">
<span id="id78"></span><h4>Versions affected<a class="headerlink" href="#id78" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/c613af4d6485586c79d692b70a9acac429f3ca9d">(patch)</a></li>
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/2f7fadc38efa58ac0a8f93f936b82332a199f396">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-9-2011-cve-2011-4138">
<span id="september-9-2011-cve-2011-4138"></span><h3>September 9, 2011 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2011-4138">CVE-2011-4138</a><a class="headerlink" href="#september-9-2011-cve-2011-4138" title="永久链接至标题">¶</a></h3>
<p>Information leakage/arbitrary request issuance via <code class="docutils literal notranslate"><span class="pre">URLField.verify_exists</span></code>.
<a class="reference external" href="https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id79">
<span id="id79"></span><h4>Versions affected<a class="headerlink" href="#id79" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.2: <a class="reference external" href="https://github.com/django/django/commit/7268f8af86186518821d775c530d5558fd726930">(patch)</a></li>
<li>Django 1.3: <a class="reference external" href="https://github.com/django/django/commit/1a76dbefdfc60e2d5954c0ba614c3d054ba9c3f0">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-9-2011-cve-2011-4137">
<span id="september-9-2011-cve-2011-4137"></span><h3>September 9, 2011 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2011-4137">CVE-2011-4137</a><a class="headerlink" href="#september-9-2011-cve-2011-4137" title="永久链接至标题">¶</a></h3>
<p>Denial-of-service via <code class="docutils literal notranslate"><span class="pre">URLField.verify_exists</span></code>. <a class="reference external" href="https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id80">
<span id="id80"></span><h4>Versions affected<a class="headerlink" href="#id80" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/7268f8af86186518821d775c530d5558fd726930">(patch)</a></li>
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/1a76dbefdfc60e2d5954c0ba614c3d054ba9c3f0">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-9-2011-cve-2011-4136">
<span id="september-9-2011-cve-2011-4136"></span><h3>September 9, 2011 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2011-4136">CVE-2011-4136</a><a class="headerlink" href="#september-9-2011-cve-2011-4136" title="永久链接至标题">¶</a></h3>
<p>Session manipulation when using memory-cache-backed session. <a class="reference external" href="https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/">Full description</a></p>
<div class="section" id="s-id81">
<span id="id81"></span><h4>Versions affected<a class="headerlink" href="#id81" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/ac7c3a110f906e4dfed3a17451bf7fd9fcb81296">(patch)</a></li>
<li>Django 1.3 <a class="reference external" href="https://github.com/django/django/commit/fbe2eead2fa9d808658ca582241bcacb02618840">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-8-2011-cve-2011-0698">
<span id="february-8-2011-cve-2011-0698"></span><h3>February 8, 2011 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2011-0698">CVE-2011-0698</a><a class="headerlink" href="#february-8-2011-cve-2011-0698" title="永久链接至标题">¶</a></h3>
<p>Directory-traversal on Windows via incorrect path-separator handling. <a class="reference external" href="https://www.djangoproject.com/weblog/2011/feb/08/security/">Full
description</a></p>
<div class="section" id="s-id82">
<span id="id82"></span><h4>Versions affected<a class="headerlink" href="#id82" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.1 <a class="reference external" href="https://github.com/django/django/commit/570a32a047ea56265646217264b0d3dab1a14dbd">(patch)</a></li>
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/194566480b15cf4e294d3f03ff587019b74044b2">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-8-2011-cve-2011-0697">
<span id="february-8-2011-cve-2011-0697"></span><h3>February 8, 2011 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2011-0697">CVE-2011-0697</a><a class="headerlink" href="#february-8-2011-cve-2011-0697" title="永久链接至标题">¶</a></h3>
<p>XSS via unsanitized names of uploaded files. <a class="reference external" href="https://www.djangoproject.com/weblog/2011/feb/08/security/">Full description</a></p>
<div class="section" id="s-id83">
<span id="id83"></span><h4>Versions affected<a class="headerlink" href="#id83" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.1 <a class="reference external" href="https://github.com/django/django/commit/1966786d2dde73e17f39cf340eb33fcb5d73904e">(patch)</a></li>
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/1f814a9547842dcfabdae09573055984af9d3fab">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-february-8-2011-cve-2011-0696">
<span id="february-8-2011-cve-2011-0696"></span><h3>February 8, 2011 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2011-0696">CVE-2011-0696</a><a class="headerlink" href="#february-8-2011-cve-2011-0696" title="永久链接至标题">¶</a></h3>
<p>CSRF via forged HTTP headers. <a class="reference external" href="https://www.djangoproject.com/weblog/2011/feb/08/security/">Full description</a></p>
<div class="section" id="s-id84">
<span id="id84"></span><h4>Versions affected<a class="headerlink" href="#id84" title="永久链接至标题">¶</a></h4>
<ul class="simple">
<li>Django 1.1 <a class="reference external" href="https://github.com/django/django/commit/408c5c873ce1437c7eee9544ff279ecbad7e150a">(patch)</a></li>
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/818e70344e7193f6ebc73c82ed574e6ce3c91afc">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-december-22-2010-cve-2010-4535">
<span id="december-22-2010-cve-2010-4535"></span><h3>December 22, 2010 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2010-4535">CVE-2010-4535</a><a class="headerlink" href="#december-22-2010-cve-2010-4535" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service in password-reset mechanism. <a class="reference external" href="https://www.djangoproject.com/weblog/2010/dec/22/security/">Full description</a></p>
<div class="section" id="s-id85">
<span id="id85"></span><h4>Affected versions<a class="headerlink" href="#id85" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.1 <a class="reference external" href="https://github.com/django/django/commit/7f8dd9cbac074389af8d8fd235bf2cb657227b9a">(patch)</a></li>
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/d5d8942a160685c403d381a279e72e09de5489a9">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-december-22-2010-cve-2010-4534">
<span id="december-22-2010-cve-2010-4534"></span><h3>December 22, 2010 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2010-4534">CVE-2010-4534</a><a class="headerlink" href="#december-22-2010-cve-2010-4534" title="Permalink to this headline">¶</a></h3>
<p>Information leakage in administrative interface. <a class="reference external" href="https://www.djangoproject.com/weblog/2010/dec/22/security/">Full description</a></p>
<div class="section" id="s-id86">
<span id="id86"></span><h4>Affected versions<a class="headerlink" href="#id86" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.1 <a class="reference external" href="https://github.com/django/django/commit/17084839fd7e267da5729f2a27753322b9d415a0">(patch)</a></li>
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/85207a245bf09fdebe486b4c7bbcb65300f2a693">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-8-2010-cve-2010-3082">
<span id="september-8-2010-cve-2010-3082"></span><h3>September 8, 2010 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2010-3082">CVE-2010-3082</a><a class="headerlink" href="#september-8-2010-cve-2010-3082" title="Permalink to this headline">¶</a></h3>
<p>XSS via trusting unsafe cookie value. <a class="reference external" href="https://www.djangoproject.com/weblog/2010/sep/08/security-release/">Full description</a></p>
<div class="section" id="s-id87">
<span id="id87"></span><h4>Affected versions<a class="headerlink" href="#id87" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.2 <a class="reference external" href="https://github.com/django/django/commit/7f84657b6b2243cc787bdb9f296710c8d13ad0bd">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-october-9-2009-cve-2009-3965">
<span id="october-9-2009-cve-2009-3965"></span><h3>October 9, 2009 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2009-3965">CVE-2009-3965</a><a class="headerlink" href="#october-9-2009-cve-2009-3965" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service via pathological regular expression performance. <a class="reference external" href="https://www.djangoproject.com/weblog/2009/oct/09/security/">Full description</a></p>
<div class="section" id="s-id88">
<span id="id88"></span><h4>Affected versions<a class="headerlink" href="#id88" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 1.0 <a class="reference external" href="https://github.com/django/django/commit/594a28a9044120bed58671dde8a805c9e0f6c79a">(patch)</a></li>
<li>Django 1.1 <a class="reference external" href="https://github.com/django/django/commit/e3e992e18b368fcd56aabafc1b5bf80a6e11b495">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-july-28-2009-cve-2009-2659">
<span id="july-28-2009-cve-2009-2659"></span><h3>July 28, 2009 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2009-2659">CVE-2009-2659</a><a class="headerlink" href="#july-28-2009-cve-2009-2659" title="Permalink to this headline">¶</a></h3>
<p>Directory traversal in the development server's media handler. <a class="reference external" href="https://www.djangoproject.com/weblog/2009/jul/28/security/">Full description</a></p>
<div class="section" id="s-id89">
<span id="id89"></span><h4>Affected versions<a class="headerlink" href="#id89" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 0.96 <a class="reference external" href="https://github.com/django/django/commit/da85d76fd6ca846f3b0ff414e042ddb5e62e2e69">(patch)</a></li>
<li>Django 1.0 <a class="reference external" href="https://github.com/django/django/commit/df7f917b7f51ba969faa49d000ffc79572c5dcb4">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-september-2-2008-cve-2008-3909">
<span id="september-2-2008-cve-2008-3909"></span><h3>September 2, 2008 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2008-3909">CVE-2008-3909</a><a class="headerlink" href="#september-2-2008-cve-2008-3909" title="Permalink to this headline">¶</a></h3>
<p>CSRF via preservation of POST data during admin login. <a class="reference external" href="https://www.djangoproject.com/weblog/2008/sep/02/security/">Full description</a></p>
<div class="section" id="s-id90">
<span id="id90"></span><h4>Affected versions<a class="headerlink" href="#id90" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 0.91 <a class="reference external" href="https://github.com/django/django/commit/44debfeaa4473bd28872c735dd3d9afde6886752">(patch)</a></li>
<li>Django 0.95 <a class="reference external" href="https://github.com/django/django/commit/aee48854a164382c655acb9f18b3c06c3d238e81">(patch)</a></li>
<li>Django 0.96 <a class="reference external" href="https://github.com/django/django/commit/7e0972bded362bc4b851c109df2c8a6548481a8e">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-may-14-2008-cve-2008-2302">
<span id="may-14-2008-cve-2008-2302"></span><h3>May 14, 2008 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2008-2302">CVE-2008-2302</a><a class="headerlink" href="#may-14-2008-cve-2008-2302" title="Permalink to this headline">¶</a></h3>
<p>XSS via admin login redirect. <a class="reference external" href="https://www.djangoproject.com/weblog/2008/may/14/security/">Full description</a></p>
<div class="section" id="s-id91">
<span id="id91"></span><h4>Affected versions<a class="headerlink" href="#id91" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 0.91 <a class="reference external" href="https://github.com/django/django/commit/6e657e2c404a96e744748209e896d8a69c15fdf2">(patch)</a></li>
<li>Django 0.95 <a class="reference external" href="https://github.com/django/django/commit/50ce7fb57d79e8940ccf6e2781f2f01df029b5c5">(patch)</a></li>
<li>Django 0.96 <a class="reference external" href="https://github.com/django/django/commit/7791e5c050cebf86d868c5dab7092185b125fdc9">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-october-26-2007-cve-2007-5712">
<span id="october-26-2007-cve-2007-5712"></span><h3>October 26, 2007 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2007-5712">CVE-2007-5712</a><a class="headerlink" href="#october-26-2007-cve-2007-5712" title="Permalink to this headline">¶</a></h3>
<p>Denial-of-service via arbitrarily large <code class="docutils literal notranslate"><span class="pre">Accept-Language</span></code> header. <a class="reference external" href="https://www.djangoproject.com/weblog/2007/oct/26/security-fix/">Full description</a></p>
<div class="section" id="s-id92">
<span id="id92"></span><h4>Affected versions<a class="headerlink" href="#id92" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 0.91 <a class="reference external" href="https://github.com/django/django/commit/8bc36e726c9e8c75c681d3ad232df8e882aaac81">(patch)</a></li>
<li>Django 0.95 <a class="reference external" href="https://github.com/django/django/commit/412ed22502e11c50dbfee854627594f0e7e2c234">(patch)</a></li>
<li>Django 0.96 <a class="reference external" href="https://github.com/django/django/commit/7dd2dd08a79e388732ce00e2b5514f15bd6d0f6f">(patch)</a></li>
</ul>
</div>
</div>
</div>
<div class="section" id="s-issues-prior-to-django-s-security-process">
<span id="issues-prior-to-django-s-security-process"></span><h2>Issues prior to Django's security process<a class="headerlink" href="#issues-prior-to-django-s-security-process" title="Permalink to this headline">¶</a></h2>
<p>Some security issues were handled before Django had a formalized security process in use. For these, new releases may not have been issued at the time and CVEs may not have been assigned.</p>
<div class="section" id="s-january-21-2007-cve-2007-0405">
<span id="january-21-2007-cve-2007-0405"></span><h3>January 21, 2007 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2007-0405">CVE-2007-0405</a><a class="headerlink" href="#january-21-2007-cve-2007-0405" title="Permalink to this headline">¶</a></h3>
<p>Apparent "caching" of authenticated user. <a class="reference external" href="https://www.djangoproject.com/weblog/2007/jan/21/0951/">Full description</a></p>
<div class="section" id="s-id93">
<span id="id93"></span><h4>Affected versions<a class="headerlink" href="#id93" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 0.95 <a class="reference external" href="https://github.com/django/django/commit/e89f0a65581f82a5740bfe989136cea75d09cd67">(patch)</a></li>
</ul>
</div>
</div>
<div class="section" id="s-august-16-2006-cve-2007-0404">
<span id="august-16-2006-cve-2007-0404"></span><h3>August 16, 2006 - <a class="reference external" href="https://nvd.nist.gov/vuln/detail/CVE-2007-0404">CVE-2007-0404</a><a class="headerlink" href="#august-16-2006-cve-2007-0404" title="Permalink to this headline">¶</a></h3>
<p>Filename validation issue in translation framework. <a class="reference external" href="https://www.djangoproject.com/weblog/2006/aug/16/compilemessages/">Full description</a></p>
<div class="section" id="s-id94">
<span id="id94"></span><h4>Affected versions<a class="headerlink" href="#id94" title="Permalink to this headline">¶</a></h4>
<ul class="simple">
<li>Django 0.90 <a class="reference external" href="https://github.com/django/django/commit/6eefa521be3c658dc0b38f8d62d52e9801e198ab">(patch)</a></li>
<li>Django 0.91 <a class="reference external" href="https://github.com/django/django/commit/d31e39173c29537e6a1613278c93634c18a3206e">(patch)</a></li>
<li>Django 0.95 <a class="reference external" href="https://github.com/django/django/commit/a132d411c6986418ee6c0edc331080aa792fee6e">(patch)</a> (released January 21, 2007)</li>
</ul>
</div>
</div>
</div>
</div>


          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">Dec 07, 2021</p>
          </div>
        
      
    </div>

  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>